EAC Unit Recommends E-Voting Software Independence

A committee has voted that election results should be determined independently of whether or not voting machines have had software problems or security breaches.

WASHINGTONThe Technical Guidelines Development Committee, a committee appointed by the Election Assistance Commission to study security issues involving electronic voting, voted on Dec. 5 to recommend a move to software independence in voting machines used in the United States.
Software independence means that election results can be determined independently of whether voting machines have software problems or had their security penetrated.
An example of such software independence would be with machines that use voter verifiable paper audit trails.

The committee vote recommended that NIST (National Institute of Standards and Technology) develop standards for such software independent machines. However, the committee stopped short of recommending that existing machines that are certified under the EACs best practices be decertified.

A report by the committee said that the current security threats are not sufficiently serious to require jurisdictions remove such machines from use. Instead, the resolution passed by the committee recommends that such standards be developed for future requirements of the EAC.
"I think its a very significant step by the TGDC," said Ray Martinez, a policy advisor to the Pew Center on the States, and a former member of the EAC.
"For the TGDC to weigh in on requiring software independence shows that theres clear momentum. I hope that the TGDC will instruct its staff to move ahead on this."

Martinez said that by grandfathering existing machines, election officials will have time to absorb the change, and take the time to develop the voting systems properly.
"This resolution hit the nail on the head," said Lawrence Norden, Counsel at the Brennan Center for Justice at the NYU School of Law. Norden said that electronic voting machines that do not have a means of auditing have serious vulnerabilities because its impossible to verify that theyve recorded votes properly.
"Paperless DREs [direct recording election machines] have serious security vulnerabilities because they are not independent of the software," Norden said.
He added that the problems reach beyond just election fraud to defective software.
"To make these systems reliable from software bugs, you need to have some independent means of verifying what the software is telling you," he said.
Norden said that the committee resolution sends the right message as to what is important in voting systems security, and it probably will have an impact on future machines.
He added that whats more important is that the committee vote also highlights the problems of e-voting for legislatures that must pass voting laws.
Click here to read about the risks of e-voting.
Norden thinks the resolution by the TGDC will encourage those legislatures to step up their efforts to ensure voting security. "The legislatures will be ahead of the federal agency in charge of this. This will shift the debate even further to make sure that there is a requirement that there is some sort of voter verifiable record."
"This is far from over," Norden cautioned that this is far from over and that the TGDC gets to draft the next iteration of the voting system guidelines based on these recommendations.
The EAC still has to approve whatever the TGDC comes up with by July, and that will be followed by a public comment period, and this is the first step in something that probably will not come out until March of 2008, Norden said, adding that some types of voting systems that cant be verified or audited, such as the old mechanical lever systems, are already on their way out.
Despite the fact that secure voting machines may take several years to arrive, Martinez thinks its worth the wait. "This is the issue thats out there, not just with election officials, but with the general public."
Martinez said that the TGDC resolution is a very positive move. "What the EAC will do remains to be seen," he said, "I hope the EAC will take up where the TGDC left off."
Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.

Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.